Linting is the process of running a program that analyses code for potential errors. A linter scans your code against a set of rules and produces a report of what it finds.
Ansible Lint is a command-line utility. It was initially used to scan Ansible Galaxy projects to determine their quality score.
Install it with pip:
```
pip install ansible-lint
```
Or, to install it from source, run:
```
pip install git+https://github.com/ansible/ansible-lint.git
```
To check that the installation succeeded and ansible-lint is available, run:
```
ansible-lint --version
```
Output:
```
ansible-lint 3.4.15
```
This confirms that Ansible Lint is installed and shows which version is on your system.
ID | Version Added | Sample Message | Description |
---|---|---|---|
E1xx - deprecated | |||
E101 | historic | Deprecated always_run | Instead of always_run, use check_mode |
E102 | historic | No Jinja2 in when | when lines should not include Jinja2 variables |
E103 | historic | Deprecated sudo | Instead of sudo/sudo_user, use become/become_user. |
E104 | historic | Using bare variables is deprecated | Using bare variables is deprecated. Update your playbooks so that the environment value uses the full variable syntax |
E105 | v4.0.0 | Deprecated module | These are deprecated modules, some modules are kept temporarily for backwards compatibility but usage is discouraged. For more details see: https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html |
E2xx - formatting | |||
E201 | historic | Trailing whitespace | There should not be any trailing whitespace |
E202 | historic | Octal file permissions must contain leading zero or be a string | Numeric file permissions without leading zero can behave in unexpected ways. See http://docs.ansible.com/ansible/file_module.html |
E203 | v4.0.0 | Most files should not contain tabs | Tabs can cause unexpected display issues, use spaces |
E204 | v4.0.0 | Lines should be no longer than 160 chars | Long lines make code harder to read and code review more difficult |
E205 | v4.0.0 | Use ".yml" or ".yaml" playbook extension | Playbooks should have the ".yml" or ".yaml" extension |
E206 | v4.0.0 | Variables should have spaces before and after: | Variables should have spaces before and after: |
E3xx - command-shell | |||
E301 | historic | Commands should not change things if nothing needs doing | Commands should either read information (and thus set changed_when) or not do something if it has already been done (using creates/removes) or only do it if another check has a particular result (when) |
E302 | historic | Using command rather than an argument to e.g. file | Executing a command when there are arguments to modules is generally a bad idea |
E303 | historic | Using command rather than module | Executing a command when there is an Ansible module is generally a bad idea |
E304 | historic | Environment variables don’t work as part of command | Environment variables should be passed to shell or command through environment argument |
E305 | historic | Use shell only when shell functionality is required | Shell should only be used when piping, redirecting or chaining commands (and Ansible would be preferred for some of those!) |
E306 | v4.1.0 | Shells that use pipes should set the pipefail option | Without the pipefail option set, a shell command that implements a pipeline can fail and still return 0. If any part of the pipeline other than the terminal command fails, the whole pipeline will still return 0, which may be considered a success by Ansible. Pipefail is available in the bash shell. |
E4xx - module | |||
E401 | historic | Git checkouts must contain explicit version | All version control checkouts must point to an explicit commit or tag, not just latest |
E402 | historic | Mercurial checkouts must contain explicit revision | All version control checkouts must point to an explicit commit or tag, not just latest |
E403 | historic | Package installs should not use latest | Package installs should use state=present with or without a version |
E404 | v4.0.0 | Doesn’t need a relative path in role | copy and template do not need to use relative path for src |
E5xx - task | |||
E501 | historic | become_user requires become to work as expected | become_user without become will not actually change user |
E502 | historic | All tasks should be named | All tasks should have a distinct name for readability and for --start-at-task to work |
E503 | historic | Tasks that run when changed should likely be handlers | If a task has a when: result.changed setting, it is effectively acting as a handler |
E504 | v4.0.0 | Do not use ‘local_action’, use ‘delegate_to: localhost’ | Do not use local_action, use delegate_to: localhost |
E6xx - idiom | |||
E601 | v4.0.0 | Don’t compare to literal True/False | Use when: var rather than when: var == True (or conversely when: not var) |
E602 | v4.0.0 | Don’t compare to empty string | Use when: var rather than when: var != "" (or conversely when: not var rather than when: var == "") |
E7xx - metadata | |||
E701 | v4.0.0 | meta/main.yml should contain relevant info | meta/main.yml should contain: author, description, license, min_ansible_version, platforms |
E702 | v4.0.0 | Tags must contain lowercase letters and digits only | Tags must contain lowercase letters and digits only, and galaxy_tags is expected to be a list |
E703 | v4.0.0 | meta/main.yml default values should be changed | meta/main.yml default values should be changed for: author, description, company, license |
E704 | v4.0.0 | meta/main.yml video_links should be formatted correctly | Items in video_links in meta/main.yml should be dictionaries, and contain only keys url and title, and have a shared link from a supported provider |
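
The rules in the table with the most direct security bearing (E401, E403, E202 and E306), each shown as a flagged task next to its corrected form. This playbook is an added example, not taken from the ansible-lint project; the repository URL, tag, package, paths and database name are placeholders.

```yaml
# Constructed playbook: every "flagged" task is followed by its corrected form.
- hosts: all
  tasks:
    # E401: without version, each run deploys whatever the default branch holds.
    - name: clone app (flagged)
      git:
        repo: https://git.example.com/app.git   # placeholder URL
        dest: /opt/app
    - name: clone app at a pinned tag
      git:
        repo: https://git.example.com/app.git
        dest: /opt/app
        version: v1.2.3                         # placeholder tag

    # E403: state=latest can pull in an unreviewed version on any run.
    - name: install nginx (flagged)
      package:
        name: nginx
        state: latest
    - name: install nginx
      package:
        name: nginx
        state: present

    # E202: YAML reads 644 as a decimal integer, i.e. octal 1204, not rw-r--r--.
    - name: write config (flagged)
      copy:
        src: app.conf
        dest: /etc/app.conf
        mode: 644
    - name: write config with a quoted octal mode
      copy:
        src: app.conf
        dest: /etc/app.conf
        mode: "0644"

    # E306: if pg_dump fails, gzip still exits 0 and the task is reported as ok.
    - name: back up database (flagged)
      shell: pg_dump appdb | gzip > /backup/appdb.sql.gz
      args:
        creates: /backup/appdb.sql.gz
    - name: back up database with pipefail
      shell: set -o pipefail && pg_dump appdb | gzip > /backup/appdb.sql.gz
      args:
        executable: /bin/bash
        creates: /backup/appdb.sql.gz
```

Saved as a playbook file and passed to `ansible-lint`, the flagged tasks are the ones these four rules are written to report.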